pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/geography/gpsd Security fix: by default, only listen o...
details: https://anonhg.NetBSD.org/pkgsrc/rev/4c746ba94654
branches: trunk
changeset: 548809:4c746ba94654
user: gdt <gdt%pkgsrc.org@localhost>
date: Fri Oct 24 13:25:50 2008 +0000
description:
Security fix: by default, only listen on INADDR_LOOPBACK, so that
position is only provided to on-machine clients.  Previously, gpsd
listened on INADDR_ANY, providing position of the computer to any host
that asked. (The fix is in upstream bugzilla, with link in
patches/patch-ac.)
diffstat:
geography/gpsd/Makefile | 3 +-
geography/gpsd/distinfo | 4 ++-
geography/gpsd/patches/patch-ac | 45 +++++++++++++++++++++++++++++++++++++++++
geography/gpsd/patches/patch-ad | 41 +++++++++++++++++++++++++++++++++++++
4 files changed, 91 insertions(+), 2 deletions(-)
diffs (120 lines):
diff -r 70176bba6823 -r 4c746ba94654 geography/gpsd/Makefile
--- a/geography/gpsd/Makefile Fri Oct 24 13:08:13 2008 +0000
+++ b/geography/gpsd/Makefile Fri Oct 24 13:25:50 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2008/10/24 13:08:13 gdt Exp $
+# $NetBSD: Makefile,v 1.13 2008/10/24 13:25:50 gdt Exp $
DISTNAME= gpsd-2.37
+PKGREVISION= 1
CATEGORIES= geography
MASTER_SITES= http://download.berlios.de/gpsd/
diff -r 70176bba6823 -r 4c746ba94654 geography/gpsd/distinfo
--- a/geography/gpsd/distinfo Fri Oct 24 13:08:13 2008 +0000
+++ b/geography/gpsd/distinfo Fri Oct 24 13:25:50 2008 +0000
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.10 2008/10/24 13:08:13 gdt Exp $
+$NetBSD: distinfo,v 1.11 2008/10/24 13:25:50 gdt Exp $
SHA1 (gpsd-2.37.tar.gz) = 5bf4e1db9e570cc14b70bd0cf902926f96131ace
RMD160 (gpsd-2.37.tar.gz) = 72387ef3c8da39ed1a1dffa9aecfff1622023fcc
Size (gpsd-2.37.tar.gz) = 712943 bytes
SHA1 (patch-aa) = 0f581183a114d63733c57ed9f0ceead43e2e5607
SHA1 (patch-ab) = 869942effbfc22ece1716dce0ffb5c907dd66906
+SHA1 (patch-ac) = 2cfd090f2c7bf1d526b5d6125c451b5f45617dd0
+SHA1 (patch-ad) = 551701d43016f9fefd0bd488415bfecb62c55d1a
diff -r 70176bba6823 -r 4c746ba94654 geography/gpsd/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/geography/gpsd/patches/patch-ac Fri Oct 24 13:25:50 2008 +0000
@@ -0,0 +1,45 @@
+$NetBSD: patch-ac,v 1.3 2008/10/24 13:25:50 gdt Exp $
+
+Don't expose position via INADDR_ANY by default. Security fix for
+http://developer.berlios.de/bugs/?func=detailbug&bug_id=14707&group_id=2116
+
+--- gpsd.c.orig 2008-01-28 15:04:33.000000000 -0500
++++ gpsd.c
+@@ -86,6 +86,7 @@
+ static fd_set all_fds;
+ static int maxfd;
+ static int debuglevel;
++static bool listen_global = false;
+ static bool in_background = false;
+ static bool nowait = false;
+ static jmp_buf restartbuf;
+@@ -230,7 +231,10 @@ static int passivesock(char *service, ch
+ /*@ -mustfreefresh @*/
+ memset((char *) &sin, 0, sizeof(sin));
+ /*@i1@*/sin.sin_family = AF_INET;
+- sin.sin_addr.s_addr = INADDR_ANY;
++ if (listen_global)
++ sin.sin_addr.s_addr = htonl(INADDR_ANY);
++ else
++ sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+
+ if ((pse = getservbyname(service, protocol)))
+ sin.sin_port = htons(ntohs((in_port_t)pse->s_port));
+@@ -1271,7 +1275,7 @@ int main(int argc, char *argv[])
+ (void)setlocale(LC_NUMERIC, "C");
+ #endif
+ debuglevel = 0;
+- while ((option = getopt(argc, argv, "F:D:S:bhNnP:V"
++ while ((option = getopt(argc, argv, "F:D:S:bhNnP:VG"
+ #ifdef RTCM104_SERVICE
+ "R:"
+ #endif /* RTCM104_SERVICE */
+@@ -1280,6 +1284,8 @@ int main(int argc, char *argv[])
+ case 'D':
+ debuglevel = (int) strtol(optarg, 0, 0);
+ break;
++ case 'G':
++ listen_global = true;
+ case 'F':
+ control_socket = optarg;
+ break;
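Review bot: The new `case 'G':` arm in the embedded gpsd.c patch has no `break;`, so it falls through into `case 'F':` and executes `control_socket = optarg;`. Because `G` takes no argument in the getopt string, `optarg` at that point is either NULL or left over from an earlier option, so passing -G can discard or replace a control-socket path set by a preceding -F. The arm should read `case 'G': listen_global = true; break;`. The option switch in main() starts and ends outside the hunk, so only the three context lines around the new arm are visible here.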
diff -r 70176bba6823 -r 4c746ba94654 geography/gpsd/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/geography/gpsd/patches/patch-ad Fri Oct 24 13:25:50 2008 +0000
@@ -0,0 +1,41 @@
+$NetBSD: patch-ad,v 1.3 2008/10/24 13:25:50 gdt Exp $
+
+Don't expose position via INADDR_ANY by default. Security fix for
+http://developer.berlios.de/bugs/?func=detailbug&bug_id=14707&group_id=2116
+
+--- gpsd.xml.orig 2008-01-21 13:35:31.000000000 -0500
++++ gpsd.xml
+@@ -20,6 +20,7 @@
+ <command>gpsd</command>
+ <arg choice='opt'>-f <replaceable>GPS-devicename</replaceable></arg>
+ <arg choice='opt'>-F <replaceable>control-socket</replaceable></arg>
++ <arg choice='opt'>-G </arg>
+ <!-- arg choice='opt'>-R
+ <replaceable>rtcm-listener-port</replaceable></arg -->
+ <arg choice='opt'>-S <replaceable>listener-port</replaceable></arg>
+@@ -107,6 +108,12 @@ commands that edit the daemon's internal
+ clients.</para></listitem>
+ </varlistentry -->
+ <varlistentry>
++<term>-G</term>
++<listitem><para>If present, listen for connections from other
++systems. Otherwise, listen only for connections from this system.
++</para></listitem>
++</varlistentry>
++<varlistentry>
+ <term>-S</term>
+ <listitem><para>Set TCP/IP port on which to listen for GPSD clients
+ (default is 2947).</para></listitem>
+@@ -871,6 +878,12 @@ will not attempt to document this interf
+ </refsect1>
+ <refsect1 id='security'><title>SECURITY AND PERMISSIONS ISSUES</title>
+
++<para><application>gpsd</application>, if given the -G flag, will
++listen for connections from any reachable host, and then disclose the
++current position. Before using the -G flag, consider whether you
++consider your computer's location to be sensitive data to be kept
++private or something that you wish to publish.</para>
++
+ <para><application>gpsd</application> must start up as root in order
+ to open the NTPD shared-memory segment, open its logfile, and create
+ its local control socket. Before doing any processing of GPS data, it